logo
Use cases Pricing Demo Integration Sign up
Jekimo Integration
Integrating Jekimo: Server-Side Flow

To integrate with Jekimo, your server needs to handle two main API calls: gettoken and check. Here’s how the process should be implemented:

1. User Age verification or Login Page

The user visits your verification page or login page.

Optionally, you can define a minimum age required for access by passing a min-age and two-fa parameters during the gettoken request.

2. Request Token

Your server makes a POST request to /v1.1/auth/gettoken with your API key and optional parameters like min-age.

  • token — a unique token for this authorization session.
  • qrcode — either a Base64 image or a link for mobile users.
  • timestamp — the token creation time (valid for 120 seconds).

Your page then displays the QR code (or the link) to the user. The user must scan the QR code with their phone app to authorize themselves.

3. Polling for Authorization

Your server must periodically check the token status by calling /v1.1/auth/check every 5 seconds. The token is valid for 120 seconds.

Pass the token and your API key in the request headers.

Possible responses:

  • created — waiting for user to scan and authorize.
  • OK — user successfully authorized.
  • KO — user not recognized or authorization failed.
4. Handling Authorization Result
  • Once the server receives OK, the user can be authenticated in your system (e.g., using their email address provided during login).
  • If KO, display an error message and allow the user to retry.
  • The polling stops either when the token expires (after 120 seconds) or a definitive result (OK or KO) is returned.
5. Security Note

The token is short-lived and tied to a single authorization session. Your server must handle retries gracefully if the token expires or if the user fails to authorize within the validity period.

1. Get the Token and QRCode
apikey: The API key you received for your website. min-age: The minimum age required for users to access your products or services. twoaf: Set to true or false depending on whether you want Jekimo to enable a PIN as a second authentication factor. If true, you must send the PIN provided by Jekimo to the user via email as part of the two-factor authentication if the user’s risk level is flagged as true.
curl -X POST "https://www.jekimo.com/app.php/v1.1/auth/gettoken" \
-H "x-api-key: YOUR_SECRET_API_KEY" \
-H "min-age: 18" \
-H "two-af: false" \
-H "Content-Type: application/x-www-form-urlencoded"
Success Response:
{
    "token": "b916b66831cab6567be9956b6f87cf64c539f1f89e1f04577a8be24af73d5d8d",
    "timestamp": 1764499200,    
    "qrcode": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAA..."
    "url": "https://www.jekimo.com/app.php/v1.1/en/user/login/b916b66831..."
}
Error Response:
{
    "error": "Invalid API key"
}
2. Verify User Authorization
curl -X POST "https://www.jekimo.com/app.php/v1.1/auth/check" \
-H "x-api-key: YOUR_SECRET_API_KEY" \
-H "token: b916b66831cab6567be9956b6f87cf64c539f1f89e1f04577a8be24af73d5d8d" \
-H "Content-Type: application/x-www-form-urlencoded"
Authorization Response:
{
    "status": "created"   // Waiting for user to scan QR code (valid for 120 seconds)
    "risk": false  // Initial risk value false
    "pin": 0 // 0 for no two-factor authentication ( two-fa ),  or a 6-digit number (e.g., 293812) you have to send to the user via email if twoaf is true and risk is flagged
}
{
    "status": "OK"        // User successfully authenticated
    "risk": true   // risk: true or false depending on Jekimo’s analysis of the user’s verification.
    "pin": 0 // 0 for no two-factor authentication ( two-fa ), or a 6-digit number (e.g., 293812) you have to send to the user via email if twoaf is true and risk is flagged
}
{
    "status": "KO"        // User not recognized or failed authentication
    "risk": true   // risk value is true
    "pin": 0 // 0 for no two-factor authentication ( two-fa ), or a 6-digit number (e.g., 293812) you have to send to the user via email if twoaf is true and risk is flagged
}
Error Response:
{
    "error": "Invalid Token"
}
1. PHP sample code
This PHP code runs on your server to securely communicate with Jekimo. It posts the user’s temporary token and returns the verification outcome (OK, KO, or created), plus the related risk value and, when required, a PIN code. and obtains the link or QR code to display to the user—without ever exposing your API key in the browser. 

//  your-website-url/jekimo-check.php

<?php
$token = $_POST['token'] ?? '';
$apiKey = 'YOUR_SECRET_API_KEY';

$ch = curl_init("https://www.jekimo.com/app.php/v1.1/auth/check");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, [
    "x-apy-key: $apiKey",
    "token: $token",
    "Content-Type: application/x-www-form-urlencoded"
]);
$response = curl_exec($ch);
curl_close($ch);

header('Content-Type: application/json');
echo $response; // Successful response: { "status": "OK", "risk": false, "pin": 0 }
?>
2. Javascript sample code
This JavaScript runs in the browser and continuously checks the user’s verification status by calling the PHP script on your server. It polls the server at intervals: if the response is "OK", the user is redirected to the protected page; if "KO", access is denied; if "created", it waits and checks again. This loop ensures the site responds immediately once the user completes the Jekimo verification on their device. 

// JavaScript code to run on the page displaying the QR code or verification link

async function pollJekimo(token, attempt = 1) {
    const maxAttempts = 24; // 24 calls max ~ 120 seconds

    try {
        const res = await fetch('your-website-url/jekimo-check.php', {
            method: 'POST',
            headers: {'Content-Type': 'application/x-www-form-urlencoded'},
            body: `token=${encodeURIComponent(token)}`
        });
        const data = await res.json();

        if (data.status === "OK") {
            window.location.href = '/dashboard';
        } else if (data.status === "KO") {
            alert("Access denied: authentication failed.");
        } else if (data.status === "created" && attempt < maxAttempts) {
            setTimeout(() => pollJekimo(token, attempt + 1), 5000); // 5 seconds interval
        } else if (attempt >= maxAttempts) {
            alert("Verification timeout. Please try again.");
        }
    } catch (err) {
        console.error(err);
        if (attempt < maxAttempts) {
            setTimeout(() => pollJekimo(token, attempt + 1), 5000);
        } else {
            alert("Verification timeout due to network error. Please try again.");
        }
    }
}

// start polling
pollJekimo('USER_TEMP_TOKEN_FROM_JEKIMO');
logo
For more information or investor inquiries,
please contact us at:
hello@jekimo.com
Jekimo delivers secure, passwordless authentication with 100% privacy. Ideal for sensitive services—such as banking, healthcare, or adult platforms—it verifies users locally and exchanges only encrypted biometric landmark vectors. No raw biometric data is ever stored, ensuring maximum security and strict compliance while keeping personal information fully private.
Stay Tuned — Something Great Is Coming!
Leave your email and we’ll keep you updated on our worldwide launch.
Subscribe
© 2026 Jekimo
Terms & Conditions Privacy Policy Cookies